Search in:

Attack on police website was part of a bigger campaign

Natalie O'Brien

A cyber attack that brought down the Australian Federal Police website late last year was part of a wider series of attacks on the organisation by a group suspected of also targeting the air force, the Reserve Bank, the Australian Security Intelligence Organisation and the Australian Secret Intelligence Service.

Freedom-of-information documents reveal the federal police had been attacked several times in different ways, in the days before the Indonesian Anonymous hacker group launched the November 21 attack, bringing down the police website and exposing ''vulnerabilities'' in the systems.

The documents also show the federal police had been hit by ''spearfishing'' emails with attachments containing viruses known as malware, which were not detected by the its anti-virus software.

The emails were targeted at executive and human resources members of the police, and the malware used advanced techniques to avoid detection. It was reported that the phishing was designed to ''steal user credentials for third-party sites''. Those sites were not identified.

Advertisement

The documents also showed that more than one website had been affected, and named the ASIO, the Reserve Bank and the air force as having had their websites attacked.

On Thursday, the federal police announced that two men had been arrested for an alleged campaign targeting Australian and international websites, and that several computer hard drives had been seized.

The statement said that since 2012, people who claimed to be members of ''Anonymous'' had targeted a number of Australian government and corporate networks, resulting in the theft of personal data, defacement of websites and attacks causing websites to drop offline.

High Tech Crime Operations national manager Tim Morris said such attacks could have a serious impact on government and business services.

"These acts can cause serious disruption to government and business networks, which in turn can be catastrophic for people who rely on these networks to run their small business or administer their entitlements or personal finances,'' he said.

Indonesian Anonymous had claimed responsibility for the attack following revelations that Australian intelligence had been targeting the phones of Indonesian President Susilo Bambang Yudhoyono and his wife.

Police background notes said ''Anonymous under the guise of Anonymous Australia had also been claiming to have compromised Indonesian airports and control systems. It is believed that this is to goad Australian members of Anonymous into a 'cyber war'.''

Case notes by officers revealed the federal police were first told about the attack by a US organisation about 5am on November 21, but when they attempted to relay the information to the various police departments, they were foiled by a series of mishaps, including the police ICT (information and communications technology) security mobile number being ''no longer connected''.

Officers then called ICT support for alternate numbers, which were rung several times but never answered. They then tried to find personal mobile numbers for the ICT security team but were told these could not be provided.

It was more than an hour later that a police officer was able to track down the team leader.